VYPR

Virtual Traffic Manager

by Ivanti

CVEs (5)

  • CVE-2024-7593CriKEVAug 13, 2024
    risk 0.86cvss 9.8epss 1.00

    Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

  • CVE-2026-8051HigMay 12, 2026
    risk 0.47cvss 7.2epss 0.02

    OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2021-31922May 14, 2021
    risk 0.00cvss epss 0.01

    An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3.

  • CVE-2018-20307Dec 20, 2018
    risk 0.00cvss epss 0.01

    Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission validation.

  • CVE-2018-20306Dec 20, 2018
    risk 0.00cvss epss 0.01

    A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. Affected…